
How to Consume On-premise OData Service via Cloud Connector from HCP with Principal Propagation

LiaoAlex
Associate
0 Kudos

Hi Experts,

I have the arch scenario as below:

1. Deploy Java App on Hana Cloud Platform, runtime is Java Tomcat 7, then configure Destination to on-premise OData service.

2. Configure Access control in Cloud Connector to expose the resource.

3. Access Java app to access backend system and retrieve data.

But I encounter some issue on the destination service.

----Case 1:

configure destination as Basic Authentication.

then when I build HTTP request to backend service, I add following codes:

String credentials = destConfiguration.getProperty("User") + ":" + destConfiguration.getProperty("Password");

String cred_encode = Base64.encodeBase64String(credentials.getBytes());

connection.setRequestProperty("Authorization", "Basic " + cred_encode);

In a word, need to fill Authorization field as "Basic 6HIJ3i8er" into HTTP header, then I can make a successful access to backend resource.

----Case 2:

However, now I want to configure destination as Principal Propagation.

Then when I build HTTP request, what content should I fill into HTTP request header? If I did nothing, there is error shown as "#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnelclient-4-1#0x7a6fa57f#Unable to generate authorization token".

Thanks in advance for your help.

Alex.

Accepted Solutions (0)

Answers (1)


kai-fabius_pribyl
Discoverer

Hi Alex,

did you find a solution? I have the same issue right now, I'm wondering what to put into the HTTP request header. I'm getting an HTTP 401 response (Unauthorized) which makes sense if I leave it blank. I'm working with DestinationConfiguration within a Tomcat 8 runtime.

My Cloud Connector should create an X.509 user certificate. Am I supposed to use the AuthenticationHeaderProvider and put my SAML2.0 session into the authorization field? It doesn't seem to work that way.

Kai

kai-fabius_pribyl
Discoverer
0 Kudos

I just figured it out myself:

The header field "SAP-Connectivity-Authentication" with "PrincipalPropagation <PrincipalPropagationToken>" is needed, which you can easily get with the getPrincipalPropagationHeader method of an AuthenticationHeaderProvider.

When using the servlet shown here: https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/22123f544cb64372959b4a1bd8e...

just add

<resource-ref>
    <res-ref-name>myAuthHeaderProvider</res-ref-name>
    <res-type>com.sap.core.connectivity.api.authentication.AuthenticationHeaderProvider</res-type>
</resource-ref>

to the web.xml and the following to your Java servlet:

AuthenticationHeaderProvider authHeadProv = (AuthenticationHeaderProvider) ctx.lookup("java:comp/env/myAuthHeaderProvider");
AuthenticationHeader ppHeader = authHeadProv.getPrincipalPropagationHeader();
urlConnection.setRequestProperty(ppHeader.getName(),  ppHeader.getValue());

The AuthenticationHeaderProvider API is also worth reading.
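
The two cases in this thread (Basic Authentication and Principal Propagation) can be handled by one helper that picks the outbound header from the destination's authentication type and refuses to send a request when neither applies. This is an added example, not code from the posts or from SAP: the class and method names are hypothetical, the "Authentication" property name and its values are assumed to match the destination configuration, a `Supplier` stands in for `authHeadProv.getPrincipalPropagationHeader()` so the class compiles without the SAP libraries, and it needs Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.function.Supplier;

public class DestinationAuthHeader {

    /**
     * Returns the single header (name -> value) to set on the outbound request.
     * dest:     destination properties (a constructed map here; on the platform
     *           read them with destConfiguration.getProperty(...)).
     * ppHeader: stand-in for authHeadProv.getPrincipalPropagationHeader(),
     *           mapped to a name/value pair.
     */
    static Map.Entry<String, String> authHeaderFor(Map<String, String> dest,
            Supplier<Map.Entry<String, String>> ppHeader) {
        // Assumption: property name and values as written in the destination.
        String type = dest.getOrDefault("Authentication", "");
        switch (type) {
            case "BasicAuthentication": {
                String user = dest.get("User"), password = dest.get("Password");
                if (user == null || password == null)
                    throw new IllegalStateException("Basic destination without User/Password");
                String token = Base64.getEncoder().encodeToString(
                        (user + ":" + password).getBytes(StandardCharsets.UTF_8));
                return Map.entry("Authorization", "Basic " + token);
            }
            case "PrincipalPropagation": {
                Map.Entry<String, String> h = ppHeader.get();
                if (h == null || h.getValue() == null || h.getValue().isEmpty())
                    throw new IllegalStateException("No principal propagation token returned");
                return h; // header name reported above: SAP-Connectivity-Authentication
            }
            default:
                // Fail closed instead of sending an unauthenticated request.
                throw new IllegalStateException("Unsupported Authentication type: " + type);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials or tokens.
        Map<String, String> basic = Map.of("Authentication", "BasicAuthentication",
                "User", "demo", "Password", "demo-pass");
        Map<String, String> pp = Map.of("Authentication", "PrincipalPropagation");
        Supplier<Map.Entry<String, String>> fake = () ->
                Map.entry("SAP-Connectivity-Authentication", "PrincipalPropagation <token>");
        // Print header names only; the values are secrets and stay out of logs.
        System.out.println(authHeaderFor(basic, fake).getKey());
        System.out.println(authHeaderFor(pp, fake).getKey());
    }
}
```

In a servlet, the returned pair would be passed to `urlConnection.setRequestProperty(name, value)` exactly as in the snippet above.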